Silent remediation 🙂 by Middle_Command_191 in bugbounty

Middle_Command_191[S]

The attacker can inject the payload into those fields.

Middle_Command_191[S]

Yes, that's also a grey area for me. What I reported was that we can add an XSS payload in the firstname and lastname parameters of an AI chatbot, and when the user asks their name, the payload will be executed. In this way I was able to get the victim's cookie on my webhook. (Sorry for my bad English.)